<?php
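	//Start (or resume) the session; it is used further down to carry the
	//validation errors and the success message back to the wizard page.
	session_start();
	
	//Include database connection details. The DB_* constants used below are not
	//defined in this file, so they are expected to come from this include.
	//NOTE(review): if ../inc is inside the web root, confirm the server refuses to
	//serve *.inc files; otherwise the file (and the DB credentials it presumably
	//holds) can be downloaded as plain text.
	require_once('../inc/config.inc');
	
	//Array to store validation errors
	$errmsg_arr = array();
	
	//Validation error flag
	$errflag = false;
	
	//Connect to mysql server
	//NOTE(review): the mysql_* extension was deprecated in PHP 5.5 and removed in
	//PHP 7.0. Moving to mysqli or PDO would also allow prepared statements.
	$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
	if(!$link) {
		//The driver message can name the database host and account, so it goes to
		//the server log only; the client gets a generic message and a 500 status.
		error_log('cover page: failed to connect to database server: ' . mysql_error());
		header('HTTP/1.1 500 Internal Server Error');
		die('Failed to connect to server');
	}
	
	//Select database
	$db = mysql_select_db(DB_DATABASE);
	if(!$db) {
		//Same handling as above: details to the log, generic text to the client.
		error_log('cover page: unable to select database: ' . mysql_error());
		header('HTTP/1.1 500 Internal Server Error');
		die("Unable to select database");
	}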
	
	//Prepares one submitted form value for use inside a quoted SQL string literal.
	//Steps: trim surrounding whitespace, remove the backslashes magic_quotes_gpc
	//adds when that setting is on (it escapes ', ", \ and NUL automatically, so
	//leaving them in would escape the value twice), then escape the result with
	//mysql_real_escape_string().
	//This is escaping, not validation. The returned value is only safe when it is
	//interpolated between quotes in the query text; it gives no protection in an
	//unquoted context (numeric value, identifier) and does not make the value safe
	//to print into HTML.
	function clean($str) {
		//@ hides the warning trim() raises for non-string input (e.g. an array-valued field)
		$value = @trim($str);
		
		//Undo magic-quotes escaping only when the setting is actually enabled
		$unquoted = get_magic_quotes_gpc() ? stripslashes($value) : $value;
		
		//Escapes special characters for use in an SQL statement
		return mysql_real_escape_string($unquoted);
	}
	
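	//Read and escape the POST values. A field that is absent from the request is
	//treated as an empty string, so it is reported as "missing" below instead of
	//raising an undefined-index notice (which, with display_errors on, would leak
	//the script path and break the redirect by sending output before header()).
	//The form's 'logo' field is not read here: it is not part of the INSERT below.
	$companyname = clean(isset($_POST['companyname']) ? $_POST['companyname'] : '');
	$owner = clean(isset($_POST['owner']) ? $_POST['owner'] : '');
	$address = clean(isset($_POST['address']) ? $_POST['address'] : '');
	$city = clean(isset($_POST['city']) ? $_POST['city'] : '');
	$phone = clean(isset($_POST['phone']) ? $_POST['phone'] : '');
	$fax = clean(isset($_POST['fax']) ? $_POST['fax'] : '');
	$email = clean(isset($_POST['email']) ? $_POST['email'] : '');
	
	//NOTE(review): the owning user is taken from the request body, so the client
	//decides which account the row is stored under. Presumably this should come
	//from the authenticated session instead - confirm, and confirm that a login
	//and CSRF check runs before this handler (none is visible in this file).
	$username = clean(isset($_POST['username']) ? $_POST['username'] : '');
	
	
	//Input Validations: every field listed here is required. The message is the
	//key so the errors are collected in the same order the form shows the fields.
	$required = array(
		'Company name missing' => $companyname,
		'Owner name missing' => $owner,
		'Address missing' => $address,
		'City missing' => $city,
		'Phone Number missing' => $phone,
		'Fax Number missing' => $fax,
		'Email Address missing' => $email,
	);
	foreach($required as $message => $value) {
		if($value == '') {
			$errmsg_arr[] = $message;
			$errflag = true;
		}
	}
	
	//If there are validation errors, redirect back to the registration form
	if($errflag) {
		$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
		//Write session data and end session before redirecting, so the next
		//request sees the stored messages
		session_write_close();
		header("location: ../wizard.php");
		exit();
	}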

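	//Create INSERT query. Every interpolated value went through clean() above and
	//sits between single quotes, which is the only context that escaping covers.
	//NOTE(review): a prepared statement (mysqli or PDO) would remove the reliance
	//on every value being escaped and quoted correctly.
	$sql = "INSERT INTO cover_page (plan_id,comp_name,own_name,address,city,phone,fax,email,user) "
		. "VALUES(null,'$companyname','$owner','$address','$city','$phone','$fax','$email','$username')";
	
	//@ keeps any driver warning out of the response; a failure is logged explicitly below
	$result = @mysql_query($sql);
	
	
	//Check whether the query was successful or not
	if($result) {
		//Store the confirmation and flush the session before redirecting, so the
		//wizard page can read the message on the next request
		$_SESSION['Cover_OK']='Cover Page Saved Successfully!';
		session_write_close();
		header("location: ../wizard.php#tab_tab2");
		exit();
	}else {
		//The driver message can expose table and column names, so it is written to
		//the server log only; the client gets a generic message and a 500 status.
		error_log('cover page: INSERT into cover_page failed: ' . mysql_error());
		header('HTTP/1.1 500 Internal Server Error');
		die("Query failed");
	}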
?>